Apache 2.0 STATUS:
Last modified at [$Date: 2000/10/28 14:57:36 $]
Release:
2.0a8 : ???
2.0a7 : released October 8, 2000
2.0a6 : released August 18, 2000
2.0a5 : released August 4, 2000
2.0a4 : released June 7, 2000
2.0a3 : released April 28, 2000
2.0a2 : released March 31, 2000
2.0a1 : released March 10, 2000
RELEASE SHOWSTOPPERS:
* Root all file systems with <Directory /> for WIN32/OS2/NW permissions
Status: patch brought forward from 1.3.14
WIN32 and OS2 need review [William Rowe, Brian Harvard]
* Remove Buff from the code. Convert the remaining calls to ap_b***().
* Error messages are filtered according to the needs of the original
URI. Nothing ensures that they are translated on EBCDIC machines
and *not* translated on ASCII machines.
* Win32: Enable the Windows MPM to honor max_requests_per_child
Status: Bill will fix this.
* Win32: Get Apache working on Windows 95/98. The following work
(at least) needs to be done:
- winnt MPM: Fix 95/98 code paths in the winnt MPM. There is some NT
specific code that is still not in NT only code paths
- IOL binds to APR sendfile, implemented with TransmitFile, which
is not available on 95/98.
- Document warning that OSR2 is required (for Crypt functions, in
rand.c, at least.)
* Win32: Test access logging with multiple threads. Will the
native file I/O calls serialize automagically like the
CRT calls or do we need to add region locking each time
we access the logs?
Status:
* Win32: Complete the revamp the service environment and relocation
into the WinNT MPM. Changes ServerRoot service registry
parameter into ConfigArgs for multiple service startup parameters.
Problems to fix in the revamp: -k shutdown/restart are broken,
signals are not being acknowledged. Close window and shutdown
also seem out of sorts.
OtherBill is working on this
* We need a thread-safe resolver, at least on Unix.
Status: The best known candidate would be something from
BIND v9.
Status: Greg asks, "why? doesn't gethostbyname_r() handle this?"
* There are still thread-unsafe functions used in the server.
- getpwnam in mod_userdir
- more?
* Modify mod_cgi and mod_cgid to deal with directories. This allows
a lot of directives to be removed from the core.
* The AddInputFilter and AddOutputFilter directives do not allow the
administrator to remove or reorder filters. Once a filter is added
in a container, it is present in any subcontainers. It can only be
added to the filter chain after any filters specified in enclosing
containers.
RELEASE NON-SHOWSTOPPERS BUT WOULD BE REAL NICE TO WRAP THESE UP:
* Combine log_child and piped_log_spawn. Clean up http_log.c.
Common logging API.
* Create unified scoreboard API and implementation shared across
the MPMs
* Document mod_file_cache.
* OS/2: Get loadable modules working again. Requires shared core support
which doesn't appear to be catered for in the current build system.
* OS/2: Make mod_status work for spmt_os2 MPM.
* Build scripts do not recognise AIX 4.2.1 pthreads, so the
pthread MPMs will not build.
* Win32: Enable the winnt MPM to use the new scoreboard API
* Win32: Implement ap_shm_ functions in APR.
* Win32: Win9x console window still won't play nice with the
close window, logoff and shutdown scenarios.
* Win32: Add a simple hold console open patch (wait for close or
the ESC key, with a nice message) if the server died a bad
death (non-zero exit code) in console mode.
* Platforms that do not support fork (primarily Win32 and AS/400)
Consider introducing HAVE_FORK feature macro. Architect start-up code
that avoids initializing all the modules in the parent process on
platforms that do not support fork.
* Win32: Migrate the MPM over to use APR thread/process calls. This
would eliminate some code in the Win32 branch that essentially
duplicates what is in APR.
Bill says we need a new procattr, APR_CREATE_SUSPENDED (or
something similar) to direct ap_create_process to create the
process suspended. We also need a call to wake up the suspended
process This may not be able to be implemented everywhere though.
* There are still a number of places in the code where we are
losing error status (i.e. throwing away the error returned by a
system call and replacing it with a generic error code)
* Win32: Implement reliable piped logs on Windows
* The connection status table is not very efficient. Also, very few stats
are exported to the connection status table (easy to fix), and mod_status
is ugly.
* Mass vhosting version of suEXEC.
* Replace tables with a proper opaque ADT that has pluggable
implementations (including something like the existing data type,
plus hash tables for speed, with options for more later).
Status: fanf is working on this.
* All DBMs suffer from confusion in support/dbmmanage (perl script) since
the dbmmanage employs the first-matched dbm format. This is not
necessarily the library that Apache was built with. Aught to
rewrite dbmmanage upon installation to bin/ with the proper library
for predictable mod_auth_db/dbm administration.
* configuration option to use *DBM
Status: Greg +1 (volunteers)
employ same dbm for mod_auth_dbm? [Win32 is using our own sdbm]
* Integrate mod_dav.
Message-id: <20000625173247.M29590@lyra.org>
Status: works. passes initial regression testing. Joe Orton
reports success with his "cadaver" tool.
Some additional items remaining:
- case_preserved_filename stuff
- fix and re-enable sdbm_lock.c
- find a new home for ap_text(_header)
- is it possible to remove the DAV: namespace stuff from util_xml?
* ap_core_translate() and its use by mod_mmap_static and mod_file_cache
are a bit wonky. The function should probably be exposed as a utility
function (such as ap_translate_url2fs() or ap_validate_fs_url() or
something). Another approach would be a new hook phase after "translate"
which would allow the module to munge what the translation has decided
to do.
Status: Greg +1 (volunteers), Ryan +1
* Explore use of a post-config hook for the code in http_main.c which
calls ap_fixup_virutal_hosts(), ap_fini_vhost_config(), and
ap_sort_hooks() [to reduce the logic in main()]
* read the config tree just once, and process N times (as necessary)
* add a version number to ap_initialize() as an extra failsafe against
(APR) library version skew.
MsgID: <Pine.LNX.4.10.10005231712380.31927-100000@nebula.lyra.org>
Status: Greg +1 (volunteers), Jeff +1, Ryan +1, Tony -0(?)
* mod_info to use the configuration tree
* make apr_get_uuid() thread-safe
* (possibly) use UUIDs in mod_unique_id and/or mod_usertrack
* Platforms which have their own APR directories for some feature but
mostly use the unix directories (e.g., OS/390 which uses an os390
directory only for the DSO feature) don't compile cleanly because the
include path is messed up. For example, start.c can't find locks.h.
See new-httpd thread "os-specific directories and -Ifoo/OSDIR in APR"
in August/2000.
PRs that have been suspended forever waiting for someone to
put them into 'the next release':
* PR#73: mod_log-any
reporting of referer in error_log
Status:
* PR#76: general
missing call to "setlocale();"
Status:
* PR#78: mod_include
Additional status for XBitHack directive
Status:
* PR#161: mod_dir
Questionable performace of mod_dir() with negotiation
Status:
* PR#362: mod_proxy
Mod_proxy doesn't allow change of error pages
Status:
* PR#370: mod_env
Modified PATH environemnt variable is not passed, instead
system's is used
Status:
* PR#440: mod_proxy
Proxy doesn't deliver documents if not connected
Status:
* PR#534: mod_proxy
proxy converts ~name to %7Ename when name starts with a dot (.)
Status:
* PR#537: mod_access
mod_access syntax allows hosts that should be restricted
Status:
* PR#557: mod_auth-any
~UserHome directories are not honored in absolute pathname
requests (.htaccess)
Status:
* PR#573: mod_log-any
More LogFormat directives
Status:
* PR#612: mod_proxy
Proxy FTP Authentication Fails
Status:
* PR#623: mod_include
A smarter "Last Modified" value for SSI documents (see PR number 600)
Status:
* PR#628: config
Request of "Options SymLinksIfGroupMatch"
Status:
* PR#697: mod_include
A security tweak I've been using for a few years for SSI
Status:
* PR#700: mod_proxy
Proxy doesn't do links right for OpenVMS files through ftp:
Status:
* PR#759: mod_imap
imap should read <MAP><AREA>*</MAP> too!
Status:
* PR#793: general
RLimitCPU and RLimitMEM don't apply to all children like they should
Status:
* PR#921: suexec
Uses cwd before filling it in, doesn't use syslog
Status:
* PR#922: config
it is useful to allow specifiction that root-owned symlinks
should always be followed
Status:
* PR#980: mod_proxy
Controlling Access to Remote Proxies would be nice...
Status:
* PR#994: mod_proxy
Adding authentication "on the fly" through the proxy module
Status:
* PR#1004: apache-api
request_config field in request_rec is moderately bogus
Status:
* PR#1028: other
DoS attacks involving memory consumption
Status:
* PR#1050: mod_log-any
Logging of virtual server to error_log as well
Status:
* PR#1085: mod_proxy
ProxyRemote make a dead cycle.
Status:
* PR#1117: mod_auth-any
Using NIS passwd.byname dbm files with AuthDBMUserFile
Status:
* PR#1120: suexec
suexec does not parse arguments to #exec cmd
Status:
* PR#1145: mod_include
Allow for Last-Modified: without resorting to XBitHack
Status:
* PR#1156: config
insufficent AllowOverrides granularity for autoindexing
Status:
* PR#1158: apache-api
improvements to child spawning API
Status:
* PR#1166: mod_proxy
``nph-'' not honored (no buffering) for ProxyRemote mapping
Status:
* PR#1176: mod_cgi
Apache cannot handle continuation line in headers
Status:
* PR#1191: general
setlogin() is not called, causing problems with e.g. identd
Status:
* PR#1204: general
regerror() exists, use it
Status:
* PR#1233: apache-api
there is no way to keep per-connection per-module state
Status:
* PR#1263: mod_dir
Add frame-safe anchor attribute to mod_autoindex links
Status:
* PR#1268: suexec
CGI scripts running as Apache user: security (suexec etc.)
Status:
* PR#1285: suexec
Error messages could be easier to spot in cgi.log file for suexec.c
Status:
* PR#1287: mod_access
add allow,deny/deny,allow warning to mod_access
Status:
* PR#1290: mod_proxy
Need to know "hit-rate" on proxy cache
Status:
* PR#1358: mod_log-any
Selective url-encode of log fields (or maybe a pseudo
log_rewrite module?)
Status:
* PR#1383: mod_headers
I make mod_headers to modify request headers as well as
response ones.
Status:
* PR#1532: mod_proxy
Proxy transfer logging
Status:
* PR#1547: mod_proxy
No HTTP_X_FORWARDED_FOR set...
Status:
* PR#1567: mod_proxy
ProxyRemote proxy requests fail authentication by firewall
Status:
* PR#1574: mod_autoindex
ReadmeName and HeaderName don't allow for server-parsed html.
Status:
* PR#1582: mod_rewrite
mod_rewrite forms REQUEST_URI different than mod_cgi does
Status:
* PR#1677: mod_headers
mod_headers should allow mod_log_config-style formats in
header values
Status:
* PR#1702: mod_proxy
mod_proxy to support persistent conns?
Status:
* PR#1803: mod_include
patches to mod_include to allow for file tests
Status:
* PR#1809: mod_auth-any
Suggestion for improving authentication modules and core source
code, problem with 401 and ErrorDocument
Status:
* PR#1855: mod_autoindex
More Control over autoindex layout
Status:
* PR#1878: mod_proxy
listing of proxy cache content
Status:
* PR#1905: suexec
Allow modules to set user:group for execution.
Status:
* PR#2024: apache-api
adding auth_why to conn_rec
Status:
* PR#2073: mod_log-any
pipelined connections are not logged correctly
Status:
* PR#2074: mod_rewrite
mod_rewrite doesn't pass Proxy Throughput on internal subrequests
Status:
* PR#2113: config
HTTP Server Rebuild Line Needs Changing for the better
Status:
* PR#2138: mod_status
mod_status always displays 256 possible connection slots
Status:
* PR#2221: documentation
Make online documentation search link back to my installation
Status:
* PR#2284: general
Can not POST to ErrorDocument - Apache/1.3b6
Status:
* PR#2314: mod_proxy
patterns in ProxyRemote
Status:
* PR#2343: mod_status
Status module averages are for entire uptime
Status:
* PR#2360: suexec
suexec for general access of user content?
Status:
* PR#2396: general
Proposal for TimeZone directive
Status:
* PR#2415: mod_info
/server-info doesn't check for the virtual host to list the info
Status:
* PR#2421: config
problem specifying ndbm library for build ?with autoconfigure
Status:
* PR#2431: general
A small addition to rotatelogs.c to improve program functionality.
Status:
* PR#2446: config
AllowOverride FileInfo is too coarse
Status:
* PR#2460: mod_cgi
TimeOut applies to output of CGI scripts
Status:
* PR#2512: mod_access
&lt;IfDenied&gt; directive wanted
Status:
* PR#2573: suexec
CGI's for general use still have to be run as another user
with suExec
Status:
* PR#2648: general
Cache file names in Proxy module
Status:
* PR#2760: config
[PATCH] User/Group for <Directory> and <Location> i.e. not only
in global and <Virtual>.
Status:
* PR#2763: general
mailto tags and bundling bug report script
Status:
* PR#2772: mod_log-any
more % escapes
Status:
* PR#2785: os-aix
Support for System Resource Controller
Status:
* PR#2793: protocol
When will Apache support P3P? Any Plans?
Status:
* PR#2873: config
Feedback/Comment on APACI
Status:
* PR#2889: general
Inclusion of RPM spec file in CVS/distributions
Status:
* PR#2906: general
Propose that Apache recommend $UNIQUE_ID for all "session id"
algorithms
Status:
* PR#2907: config
suggestion: power up your Include directive :)
Status:
* PR#3018: general
cannot limit some HTTP methods
Status:
* PR#3026: mod_autoindex
No way to change ReadmeName/HeaderName suffixes.
Status:
* PR#3143: apache-api
No module specific data hook for per-connection data
Status:
* PR#3181: config
Configuration file in Japanese
Status:
* PR#3191: mod_negotiation
no way to set global quality-of-source (qs) coneg values
with multiviews
Status:
* PR#3430: mod_negotiation
Enhancement: MultiViews, Multi-Language Documents
Status:
* PR#3568: mod_proxy
Accessing URL through proxy server corrupts data.
Status:
* PR#3594: os-windows
Please add an Apache icon to the systray instead of a DOS window
Status:
* PR#3605: mod_proxy
Some anonymous FTP URLs ask for authentication
Status:
* PR#3654: mod_autoindex
BORDER=0 makes Icons look nicer (FancyIndexing)
Status:
* PR#3677: general
New ErrorDocumentMatch directive
Status:
* PR#4180: os-windows
Alternative for win95 users
Status:
* PR#4241: config
Need to be able to override shebang line to make CGI scripts
more portable.
Status:
* PR#4244: config
"Files" and "FilesMatch" regexp does not recognize bang as
negation operator
Status:
* PR#4448: mod_log-any
Please allow CGI env variables (QUERY_STRING, ...) to be logged
with %{}e
Status:
* PR#4455: config
apache provides no way to do a wildcard/global NameVirtualHost
Status:
* PR#4459: mod_include
Suggestion for better handling of Last-modified headers
Status:
* PR#4490: mod_cgi
mod_cgi prevents handling of OPTIONS requests
Status:
* PR#4520: mod_autoindex
mod_autoindex does not generate Last-Modified response headers
Status:
* PR#4658: os-windows
The output of CGI scripts appears in the window that apache
is running in
Status:
* PR#5713: os-windows
[PATCH] install as service with domain account
Status:
* PR#5993: general
AllowOverride should have a 'CheckNone' and 'AllowNone' argument
instead of only 'None'
Status:
* PR#6347: mod_mime
MIME types for MNG and JNG files need adding to mime.types and
the mime.types and magic files
Status: Waiting for IANA types to be defined
Other bugs that need fixing:
* MaxRequestsPerChild measures connections, not requests.
Until someone has a better way, we'll probably just rename it
"MaxConnectionsPerChild".
* Regex containers don't work in an intutive way
Status: No one has come up with an efficient way to fix this
behavior. Dean has suggested getting rid of regex containers
completely.
* SIGSEGV on Linux (glibc 2.1.2) isn't caught properly by a
sigwaiting thread. We need to work around this, perhaps unless
there is hope soon for a fixed glibc.
* The MM library is built as static and shared library. This should
be set up to build only the required version.
Other features that need writing:
* Finish infrastructure in core for async MPMs
Status: post 2.0
* TODO in source -- just do an egrep on "TODO" and see what's there
Documentation that needs writing:
* Mod_status docs are needed.
* The concept of MPMs, especially if we ship more than one MPM for a
given platform
* New directives in the various MPMs and appropriate links from
obsolete directives in core.html to the MPM documentation.
* Revise manual/stopping.html and the last part of
manual/misc/perf-tuning.html to take account of the MPMs.
* API documentation
Status: Ben Laurie has written some hooks documentation
(apache-2.0/htdocs/hooks.html)
* Changes since 1.3.9 can be more easily seen in the commitlog file
dev.apache.org:/home/cvs/CVSROOT/commitlogs/apache-2.0
which includes some of Roy's comments when the changes were
committed in rough change-sets by purpose. Note that the commitlog
does not show the contents of new files until later.
Available Patches:
* Martin Sojka <msojka@gmx.de>'s patch to add error reporting for failed
htpasswd actions due to a full /tmp volume (other programs may have
similar problems?)
PR: 6475
Status:
* Mike Abbott's <mja@trudge.engr.sgi.com> patches to improve
performance
Status: These were written for 1.3, and are awaiting a port to
2.0
* Jim Winstead's <jimw@trainedmonkey.com> patch to add CookieDomain and
other small mod_usertrack features
* Dan Rench's <drench@xnet.com> patch to add allow the errmsg and timefmt
of SSI's to be modified in the config file. Patch is available in
PR6193
Open issues:
* What do we do about mod_proxy?
* Which MPMs will be included with Apache 2.0?
* Is conf/highperformance.conf-dist obsolete? It looks obsolete.